Web17 - Large Botnet attacking multiple domains - DDOS

Stephen

US Operations
Staff member
I am moving this to the network thread instead of server specific, as it is impacting web17, but it is a multi-domain attack by 1000s of IPs and servers/trojan-infected home PCs. We have been trying to stop it for a long time indeed, but it is on the shared IP, and blocking all incoming to the shared IP may be a 4-5 day outage, which we don't wish to have if at all possible.
 
We are still working on this, working on filtering out the traffic. In addition, we are searching for options for DDOS mitigation hardware and solutions that we can bring onboard to defend against these in a more automated manner.
 
The current DDOS attack is a challenge to us. We have dealt with such attacks in the past; we will take care of it even now. We have taken some steps, which have resulted in some control. At this moment we are exploring all options available to us to mitigate it completely.
I am working with my team to identify issues at network and server level. These proactive measures will help us mitigate issues before they affect our services. One such area is mail services. We have implemented one such solution on a few of our mail servers and the results are very encouraging.
We have built a DevOps team. This team is working for a few high-profile Silicon Valley companies. This team will be used to help JodoHost techs to improve our service.
I want to assure our customers that we will do all that we can to make JodoHost a reliable hosting service provider for all.
 
We are going to change the shared IP address on Web 17 due to the DDOS attack. If you are using external DNS, kindly send us a support ticket with the domain name. We will provide you the new IP address.
 
The IP migration process is still in progress on the server, due to which web services have stopped. It is taking more time than expected.

We're also getting help from the Parallels team to look into it and get this IP migrated ASAP.
 
The Web-17 IP migration is stuck in the middle of its process and is taking time to complete as we expected.

The Parallels team's investigation and ours are still going on for the completion of the IP migration as soon as possible.
 
The Parallels team has resolved some of the errors and you may notice a shift in the shared IP on your domain due to this change occurring.
 
As a general update:
Guys, I understand communications have been slow with this DDOS attack. I have been at this for a long time now, and I feel very bad about how issues have impacted lately, and we are working hard to not only stop this now, but come up with additional protections and solutions going into 2014.

Resellers, please please make sure you audit all signups coming in on your reseller system, never auto accept accounts, audit them for legit customers, payments etc.

However, DDOS alone cannot be pointed at an individual in most cases; there are certain types of sites more prone to get them, and I'd say what's happened lately is not of those high-risk types.
What's for sure is that DDOS for hire is getting cheaper, and people are more willing than ever to use dirty means to take out competitors. I don't believe anyone is attacking us, but there's a very real likelihood some of the recent DDOS was such a case against a hosted reseller end user. A 7gb/s DDOS (happened end of last month/early this month) doesn't just randomly target something that I've seen, nor does a smaller-traffic but crafty, shifting attack like on web17 come by random chance. We've determined one of the target sites is actually on some external DNS pointing at us, which is creating a majority of the traffic to the IP (shared IP of server with other shared domains).
 
The Parallels team is continuing to check on the status of their IP migration scripts not running properly.

We have found a few issues:
1. Some domains did not change in DNS
2. In a few cases the wrong domain opens entirely. (ahh!)
3. Config files on the web server did not update at all.


We are working with them to get these all resolved ASAP.

On the plus side, there are a number of sites responsive and working on the web17 server now!
 
The Parallels team is continuing to check on the status of their IP migration scripts not running properly, and we are still working with them to fix it.
 